Semiconductor memory card, and program for controlling the same

ABSTRACT

A semiconductor memory card that has a sufficient storage capacity when an electronic commerce (EC) application writes data to a storage is provided. A usage area for the EC application in an EEPROM 3 in a tamper resistant module (TRM) 1 is expanded. The expansion is such that a partition generated in a flash memory 2 outside the TRM 1 is assigned to the EC application, while a partition table for the partition is allocated in the internal EEPROM 3. Because the partition table is in the TRM 1, only a CPU 7 in the TRM 1 is able to access the generated partition table. Secrecy of the stored contents increases because access to the expanded area is limited to the CPU 7 in the TRM 1.

TECHNICAL FIELD

The present invention relates to a semiconductor memory card that ensures security of stored contents, and to a technology for expanding a storage capacity of the memory card.

BACKGROUND ART

Production of semiconductor memory cards is a rapidly growing industry of recent years that has drawn attention from entities in many areas, such as mass media, financial institutions, and governmental institutions both national and local.

It is the function of protecting contents stored in a memory card that has attracted such heavy attention. Popular examples of semiconductor memory cards include the SD memory card and the IC card. The SD memory card is a contact type semiconductor memory card having a nonvolatile memory, a logic circuit, and a connector. When a host device connects to the SD memory card via the connector, the SD memory card allows the host device to access the nonvolatile memory after authenticating the host device by performing a challenge-and-response mutual authentication. Because the SD memory card is able to reject an access from an unauthorized device and has a large capacity of nonvolatile memory, from 64 MB to 1 GB, it is desirable to use the SD memory card for storing data that needs copyright protection, such as audio data and video data.

The IC card is such that a CPU, a mask ROM, and an IC chip containing an EEPROM are disposed on a board, and a spiral antenna is buried in the board. The IC card performs noncontact data input/output with the host device via the spiral antenna. The IC chip is also called a tamper resistant module (TRM), and is resistant to reverse engineering such as disassembly and internal analysis.

Because of this tamper resistance, the IC card is desirable for payment use, and many credit card companies and banking companies consider adopting IC cards. Drawbacks of the IC card are that the production cost is high and the capacity of the EEPROM in the TRM is only about 160 KB.

As described above, the SD memory card and the IC card each have pros and cons, and it is not easily concluded which is better.

A conventional art for the SD memory card is disclosed in patent document 1 as follows.

<Patent Document 1>

Japanese Laid-Open Patent Application No. 2001-14441

In electronic commerce (EC) where the host device is a server of a credit card company, it is convenient to be able to download and store an annual transaction schedule in a semiconductor memory card. Data for the annual transaction schedule, however, is usually large in size, and the IC card does not have a sufficient memory capacity. On the other hand, it does not give a sense of security to store the annual transaction schedule in the SD memory card, which does not include a TRM, even though the SD memory card has a sufficient memory capacity, because such an annual transaction schedule has a value to be protected that is second only to money.

Manufacturers of semiconductor memory cards are facing a tough choice between mass production of TRMs, risking a rise in production cost, and ignoring the demands of the credit card companies.

DISCLOSURE OF THE INVENTION

An object of the present invention is to provide a semiconductor memory card that is capable of storing a large amount of data that has a value second only to money, at a reasonable level of security.

In order to achieve the above object, a semiconductor memory card according to the present invention is a semiconductor memory card comprising a tamper resistant module and a nonvolatile memory, wherein the tamper resistant module includes: an internal memory having a usage area used by a program stored in the tamper resistant module; and a processing unit operable to (i) assign an area in the nonvolatile memory to the program, and (ii) generate, on the internal memory of the tamper resistant module, access information for the assigned area, the usage area and the assigned area thereby composing a total area for use by the program. Because the access information about the usage area of the program is generated in the tamper resistant module, it is possible to keep the entire structure of the usage area secret.

It becomes difficult to identify where one usage area starts and ends in the nonvolatile memory, and which area the program accesses, and how, is kept secret. Because it is difficult to grasp the location of the usage area as a whole, it is possible to prevent an illegal access.

The semiconductor memory card according to the present invention may also be the above semiconductor memory card wherein the processing unit comprises: an assigning unit operable to assign, at the time of the generation of the access information, an encryption key which the program uses in accessing the assigned area; an encrypting unit operable, at the time of the program writing data to the assigned area, to encrypt the data; and a decrypting unit operable, at the time of the program reading data from the assigned area, to decrypt the data.

The program is able to read from and write to the area only after the unique encryption key is assigned to the program. Accordingly, even if more than one program accesses the semiconductor memory card and one of the programs reveals the encryption key assigned to it, data that other programs have written to the semiconductor memory card cannot be decoded with the encryption key assigned to that program. Even if the encryption key of one program is revealed, the rest of the EC client applications are not affected, and therefore it is possible to maintain the secrecy of the data the programs write.

The semiconductor memory card according to the present invention may also be the above semiconductor memory card wherein the processing unit further comprises: a receiving unit operable to receive a security level from the program; and a storage unit that stores values for different security levels, bit lengths of an encryption key, and encryption methods, the bit lengths and encryption methods corresponding one-to-one to the values, wherein the encryption key assigned by the assigning unit is generated based on the bit length corresponding to the received security level, and the encryption and decryption by the encrypting unit and decrypting unit, respectively, are performed based on the encryption method corresponding to the received security level. The program sets a security level based on the importance of the data and the procedures necessary for reading and writing the data, and requests the processing unit for data write and read based on the set security level. Therefore, it is possible to arrange that the security level of large and less important data is set low, so that the data write may be completed in a short period of time.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an environment in which an SDeX memory card is used.

FIG. 2 illustrates the internal structure of a semiconductor memory card according to the present invention.

FIG. 3 illustrates the hardware structure in a TRM 1.

FIG. 4 illustrates the software structure of the part corresponding to a mask ROM 6 and a CPU 7 in the TRM 1 of FIG. 3.

FIG. 5 illustrates the logical format of an external flash memory 2 and an internal EEPROM 3.

FIG. 6 illustrates the internal structure of an expanded area 22, an authenticated area 23, and a non-authenticated area 24.

FIG. 7 illustrates a structure common to all partitions.

FIG. 8A illustrates a partition table.

FIG. 8B illustrates a partition boot sector in a partition illustrated in FIG. 7.

FIG. 9 illustrates accesses to the SDeX memory card from an EC server 100 and from an SD portable device 300.

FIG. 10 illustrates command-response sequences among the SDeX memory card, the SD portable device 300, and the EC server 100.

FIG. 11 illustrates the internal structure of an OS 10 according to a second embodiment.

FIG. 12A is a flowchart showing a process performed by an area expansion unit 11 and an encryption/decryption unit 14.

FIG. 12B is a flowchart showing a process of file write performed by the area expansion unit 11 and the encryption/decryption unit 14.

FIG. 12C is a flowchart showing a process of file read performed by the area expansion unit 11 and the encryption/decryption unit 14.

FIG. 13 illustrates an allocation of the flash memory 2 according to a fourth embodiment.

FIG. 14 illustrates an allocation of the TRM internal memory 3 according to the fourth embodiment.

FIG. 15 illustrates a process of an access to a secure flash area according to the fourth embodiment.

FIG. 16 is a flowchart showing the order of a process by the OS 10 when initializing the secure flash area.

FIG. 17 is a flowchart showing the order of a process by the OS 10 when generating a file system.

FIG. 18 is a flowchart showing the order of a process by the OS 10 when accessing the file system.

FIG. 19 is a flowchart showing the order of processes by the OS 10 when deleting the file system.

FIG. 20 illustrates the structure of a memory module according to a fifth embodiment.

FIG. 21 is a table of performance comparison between the flash memory and a FeRAM.

FIG. 22 illustrates the FeRAM assigned with data that is frequently renewed, such as a file entry, a FAT, and a clear process managing table.

FIG. 23 illustrates the internal structure of the TRM internal memory 3 according to a sixth embodiment.

BEST MODE FOR CARRYING OUT THE INVENTION

First Embodiment

A semiconductor memory card of a first embodiment according to the present invention is explained below. The semiconductor memory card of this embodiment is an SDeX memory card. The SDeX memory card is used as a medium for an SD portable device, like SD memory cards, and at the same time has a built-in tamper resistant module (TRM), like IC cards. Further, the SDeX memory card is capable of performing both contact communication and noncontact communication in order to communicate with external devices.

First of all, an explanation of a practical use of the semiconductor memory card of this embodiment (the SDeX memory card) is given. The SDeX memory card is connected to an SD portable device, such as a cellular phone, and used by a user in the environment shown in FIG. 1. FIG. 1 illustrates the environment in which an SDeX memory card 400 is used.

An EC server 100, a card reader/writer 200, a base station 210, and an SD portable device 300 are included in the environment in FIG. 1.

The EC server 100 provides the IC card with an EC service via the card reader/writer 200, the base station 210, and a network. A plurality of EC applications work in the EC server 100, and each of the EC applications provides a specific EC service to the SDeX memory card 400. The EC applications working on the EC server 100 are EC server applications, each for a different kind of EC service. In FIG. 1, n kinds of EC server applications for n kinds of services are referred to as S_APL 1, 2, 3, . . . , n, respectively. Provision of the EC services by the EC server 100 is performed by issuing an EC command to the SDeX memory card 400 via the network, the card reader/writer 200, and the base station 210.

The card reader/writer 200 is, for example, a cash dispenser at a financial facility or a device attached to a cash register, and supplies power to the SDeX memory card 400 and performs noncontact data input/output with the SDeX memory card 400. The card reader/writer 200 is connected to the network, and the SDeX memory card 400 is able to receive the EC service provided by the EC server 100 via the card reader/writer 200.

The base station 210 is a device installed on the rooftops of buildings and at the tops of utility poles, and performs wireless data input/output with the cellular telephone type SD portable device 300. The base station 210 is connected to the network, and the SD portable device 300 is able to receive the EC service provided by the EC server 100 via the base station 210.

The SD portable device 300 is a device to which the SDeX memory card 400 is connected in order to access the SDeX memory card 400. A browser and the like are installed in the SD portable device 300, and a user is able to access a file system (FS) in the SDeX memory card 400 via a user interface of the browser. The access to the file system is made possible by issuing an SD command, as specified for the SD memory card, to the SDeX memory card 400, and receiving a response to the SD command from the SDeX memory card 400. When the SD portable device 300 is booted from the SDeX memory card 400 with the bootstrap, the SD portable device 300 and the SDeX memory card 400 function as an IC card as a whole. A spiral antenna is buried in the back of the SD portable device 300, and when the SD portable device 300 functions as the IC card, the spiral antenna supplies the SDeX memory card 400 with power from the card reader/writer 200. The SD portable device 300 also performs a two-way conversion between command/response with the SDeX memory card 400 and command/response with the EC server 100. Specifically, the two-way conversion performed by the SD portable device 300 is such that the SD portable device 300 generates an expanded SD command by encapsulating an EC command received from the EC server 100, then outputs the expanded SD command to the SDeX memory card 400, and retrieves an EC response from an SD response from the SDeX memory card 400, then outputs the retrieved EC response to the EC server 100. The mode in which the SD portable device 300 is booted from the SDeX memory card 400 with the bootstrap and functions as the IC card is called an “EC mode”. The other mode, in which the SD portable device 300 uses the SDeX memory card 400 as a recording medium, is called an “SD mode”.

When the SDeX memory card 400 is used in the SD mode, the SDeX memory card 400 is used as an SD card. In this case, the host device of the SDeX memory card 400 is the SD portable device 300. The SDeX memory card 400 stores audio data and video data which the SD portable device 300 downloads from a distribution server. The host device is able to reproduce the audio data and video data stored in the SDeX memory card 400.

When the SDeX memory card 400 is used in the EC mode, the SDeX memory card 400 is used as an IC card. The SDeX memory card 400 is connected to the SD portable device 300 in this case too. The host device of the SDeX memory card 400, however, is not the SD portable device 300, but the EC server 100 on the network. The SDeX memory card 400 communicates with the EC server 100 utilizing the SD portable device 300 connected to the SDeX memory card 400, along with the card reader/writer 200 and the base station 210. With this communication, the SDeX memory card 400 is able to perform a money transaction with the EC server 100.

The SDeX memory card 400 of the present embodiment has increased convenience for users, because it can be used as an IC card in addition to a storage for distributed audio data and video data.

Although in FIG. 1 the memory card 400 in the EC mode accesses the EC server 100 via the card reader/writer 200, it is also possible that the portable device 300 accesses the EC server 100 via the base station 210.

Next, manufacturing of the semiconductor memory card according to the present invention is described below. The semiconductor memory card according to the present invention may be industrially produced based on the internal structure illustrated in FIGS. 2 and 3.

As shown in FIG. 2, a connector, a tamper resistant module (TRM) 1, and a flash memory 2 having a 256 MB storage capacity are mounted in the semiconductor memory card according to the present invention.

Tamper resistance in general means the following.

-   (1) The internal structure may not be analyzed even if the chip is physically unpacked.
-   (2) The internal structure may not be analyzed even if the chip is irradiated with electromagnetic waves.
-   (3) The relation between the data length of input data and the processing time is non-linear.
-   (4) Output data may not be calculated back from a processing result when an error has occurred due to the input data.

Because of the above characteristics (1)-(4), the TRM 1 is resistant to many kinds of reverse engineering. The following describes the hardware elements in the TRM 1.

FIG. 3 illustrates the hardware structure in the TRM 1. As shown in FIG. 3, an internal EEPROM 3, an external memory controlling unit 4, a host interface module (HIM) 5, a mask ROM 6, and a CPU 7 are mounted inside the TRM 1, forming a microcomputer system.

The internal EEPROM 3 is a readable and writable memory. The microcomputer system mounted as the TRM 1 is expensive in production cost per unit area. The capacity of the internal EEPROM 3 is 32 KB. For convenience, the EEPROM 3 is referred to as an internal memory, and the flash memory 2 illustrated in FIG. 2 is referred to as an external memory, in some places in the present specification.

The external memory controlling unit 4 is a dedicated circuit for accessing the flash memory 2. The access to the flash memory 2 is performed based on SD commands issued by the SD portable device 300.

The HIM 5 refers to the command numbers of the SD commands issued by the SD portable device 300, and sorts the SD commands based on the command numbers. The SD command numbers include numbers from one to m, as well as extension numbers that are greater than m. When the command number of an SD command is one to m, the SD command is outputted to the external memory controlling unit 4, and when the command number is greater than m, the encapsulated EC command is obtained from the SD command and outputted to the CPU 7.
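The command sorting performed by the HIM 5, together with the encapsulation and extraction performed by the SD portable device 300 described earlier, can be illustrated as follows. This is an added example, not code from the patent. The 48-bit SD command token layout and its CRC-7 are those of the SD bus; the threshold m = 56, the extension command number 60, the framing of the encapsulated EC command (the token argument holds the payload length and the EC command bytes follow the token), and the two-byte length prefix on the SD response are assumptions made for this example, as is the constructed EC command used to exercise it.

```python
import struct

# SD command indices are 6 bits (CMD0..CMD63). Command numbers 1..m are standard SD
# commands for the external memory controlling unit 4; numbers above m are extension
# numbers whose payload is an encapsulated EC command for the CPU 7.
M_STANDARD_MAX = 56   # assumption: the page leaves m unspecified
CMD_EC_ENCAP = 60     # hypothetical extension command number carrying an EC command


def crc7(data: bytes) -> int:
    """CRC-7 of SD command tokens (polynomial x^7 + x^3 + 1, initial value 0)."""
    crc = 0
    for byte in data:
        for i in range(8):
            feedback = ((byte >> (7 - i)) & 1) ^ (crc >> 6)
            crc = (crc << 1) & 0x7F
            if feedback:
                crc ^= 0x09
    return crc


def sd_token(index: int, argument: int) -> bytes:
    """48-bit SD command token: '01' + 6-bit index, 32-bit argument, CRC-7 and end bit."""
    if not 0 <= index <= 63:
        raise ValueError("SD command index is 6 bits")
    head = struct.pack(">BI", 0x40 | index, argument & 0xFFFFFFFF)
    return head + bytes([(crc7(head) << 1) | 1])


def parse_token(token: bytes) -> tuple:
    """Validate start/transmission bits, end bit and CRC-7; return (index, argument)."""
    if len(token) != 6 or (token[0] & 0xC0) != 0x40 or (token[5] & 1) != 1:
        raise ValueError("malformed SD command token")
    if crc7(token[:5]) != token[5] >> 1:
        raise ValueError("CRC-7 mismatch")
    return token[0] & 0x3F, struct.unpack(">I", token[1:5])[0]


def encapsulate_ec_command(ec_command: bytes) -> bytes:
    """SD portable device 300: build the expanded SD command. The token argument carries
    the payload length and the EC command follows the token (assumed framing)."""
    if len(ec_command) > 0xFFFF:
        raise ValueError("EC command too long to encapsulate")
    return sd_token(CMD_EC_ENCAP, len(ec_command)) + ec_command


def him_route(frame: bytes) -> tuple:
    """HIM 5: sort by command number. Standard commands go to the external memory
    controlling unit as (index, argument); extension commands yield the EC command."""
    index, argument = parse_token(frame[:6])
    if index <= M_STANDARD_MAX:
        if len(frame) != 6:
            raise ValueError("standard SD command must not carry a payload")
        return "external_memory", (index, argument)
    payload = frame[6:]
    if len(payload) != argument:
        raise ValueError("encapsulated EC command length does not match the argument")
    return "cpu", payload


def wrap_ec_response(ec_response: bytes) -> bytes:
    """SDeX card side: SD response to an extension command = 2-byte length + EC response."""
    return struct.pack(">H", len(ec_response)) + ec_response


def extract_ec_response(sd_response: bytes) -> bytes:
    """SD portable device 300: recover the EC response to forward to the EC server 100."""
    if len(sd_response) < 2:
        raise ValueError("truncated SD response")
    n = struct.unpack(">H", sd_response[:2])[0]
    if len(sd_response) != 2 + n:
        raise ValueError("SD response length does not match its length field")
    return sd_response[2:]
```

A token whose CRC-7 does not verify, a standard command that carries a payload, and an extension command whose payload length disagrees with its argument are all rejected before anything reaches the CPU 7; that is the check one wants in the module that sits between the untrusted host and the TRM.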

The mask ROM 6 is a read only memory in which an operating system (OS), a Java virtual machine, and applications are stored in advance. The SD portable device 300 runs in the EC mode by being booted with the bootstrap from a fixed address in the mask ROM 6.

The CPU 7 executes programs stored in the mask ROM 6.

FIG. 4 illustrates the software structure of the part corresponding to the mask ROM 6 and the CPU 7 in the TRM 1 of FIG. 3. The part shown as wk 1 in a broken line is a module compatible with the IC card (IC-card-compatible module). The part that is inside the TRM 1 and outside the broken line is a module compatible with the SD memory card.

The part compatible with the SD memory card includes the external memory controlling unit 4 and the HIM 5. The HIM 5 has the conventional functions of the SD memory card, and functions as an interface to the IC-card-compatible module.

The IC-card-compatible module has a layered structure. In this layered structure, the internal EEPROM 3 is in the lowest layer (physical layer), an OS 10 is in the layer one above the internal EEPROM 3, and a Java virtual machine 9 is in the layer one above the OS 10. EC client applications 8 are in the top layer. Note that the external memory controlling unit 4 is in the physical layer, as is the internal EEPROM 3.

An explanation of the software structure (the EC client applications 8, the Java virtual machine 9, and the OS 10) illustrated in FIG. 4 is given below.

The EC client applications 8 are a kind of EC application written in the Java language, and access the EC server 100 based on a user operation. The EC server 100 has more than one EC server application, each for a different kind of EC service, and the SDeX memory card 400 also has more than one EC client application, each for a different kind of EC service. “C_APL1, 2, 3, . . . n” in the drawing indicates that the SDeX memory card 400 has EC client applications that correspond to the EC server applications S_APL1, 2, 3, . . . n, respectively. By the EC client applications 8 sending and receiving commands to and from the EC server applications on the EC server 100 via the card reader/writer 200 and the base station 210, a user may receive various EC services from the EC server 100. When the EC command received from an EC server application on the EC server is a write data command, the corresponding EC client application outputs the received EC command to the OS 10 via the Java virtual machine 9.

The EC client applications 8, in addition to their intended role as EC client applications, access the flash memory 2 and the internal EEPROM 3 based on the user operation when in the EC mode. The access to the flash memory 2 and the internal EEPROM 3 by the EC client applications 8 includes file access such as creating files and reading from and writing to the files.

The Java virtual machine 9 (JavaCard VM™ in the drawing) converts the EC client applications 8 written in the Java language into native code of the CPU 7, and has the CPU 7 execute the converted applications.

The OS 10 reads and writes the flash memory 2 and the internal EEPROM 3 based on the commands issued by the EC client applications. This is the end of the explanation of the software structure of the SDeX memory card 400.

Next, the logical format of the flash memory 2 and the internal EEPROM 3 is explained below. FIG. 5 illustrates the logical format of the external flash memory 2 and the internal EEPROM 3. The SDeX card of the present invention is a multi-application semiconductor memory card, which is capable of handling multiple applications C_APL1, 2, 3, . . . , n. Accordingly, the logical format of the SDeX card of the present invention includes multiple file systems corresponding to the applications C_APL1, 2, 3, . . . , n, respectively.

Generally, a file system of a storage medium is an area in the storage medium in which stored data is recognizable as a file or a directory. Specifically, programs accessing the storage medium may write and read data to and from the file or the directory without concern for physical units in the storage medium such as sectors and recording blocks. The information structure for realizing the file and the directory on the storage medium is called a file system structure. The logical format described above includes such a file system for each of the EC client applications.

The space that is the total area of the flash memory 2 and the internal EEPROM 3 is divided into two memory spaces sm 1 and sm 2. The memory space sm 1 is accessible from the CPU 7 in the TRM 1, and includes a usage area 21 used by the EC client applications and an expanded area 22 that is also used by the EC client applications. The memory space sm 2 is accessible by the SD portable device 300 without being routed through the CPU 7 in the TRM 1, and includes an authenticated area 23 and a non-authenticated area 24. The authenticated area 23 and the non-authenticated area 24 are memory areas of the SD memory card, used by applications (SD applications) in the SD portable device. Referring to the above stated patent document (Japanese Laid-Open Patent Application No. 2001-14441) would be helpful for the general meaning of the authenticated area 23 and the non-authenticated area 24.

FIG. 6 illustrates the internal structure of the expanded area 22, the authenticated area 23, and the non-authenticated area 24. The expanded area 22, the authenticated area 23, and the non-authenticated area 24 have a file system structure compliant with ISO/IEC 9293. ISO/IEC 9293 is an example of possible file system structures chosen for convenience, and a different file system structure such as Universal Disk Format (UDF) may also be used. The authenticated area 23 and the non-authenticated area 24 are outside the TRM 1, and accordingly the security level of the authenticated area 23 and the non-authenticated area 24 is the lowest. Provided that there are three levels (“high”, “medium”, and “low”), the security level of the authenticated area 23 and the non-authenticated area 24 is “low”.

The usage area 21 used by the EC client applications is an area in which more than one file system is provided. Each file system corresponds to one application of the multiple applications. In FIG. 6, only one each of “Master Boot Record”, “Partition Table”, and “Partition” is shown. However, each of the multiple applications has its own corresponding “Partition Table” and “Partition” in the usage area 21 used by the EC client applications. The entire usage area 21 is contained in the TRM 1, and accordingly the security level of the usage area 21 is the highest. Provided that there are three levels (“high”, “medium”, and “low”), the security level of the usage area 21 is “high”.

The expanded area 22 is an expansion of the usage area 21 used by the EC client applications, and includes a sub-area 22 a in the internal EEPROM 3 and a secure flash area 22 b in the flash memory 2. The secure flash area 22 b contains partitions 1, 2, 3, . . . , n. The partitions 1, 2, 3, . . . , n are file system areas, each corresponding to one application of the multiple applications in the TRM. In order to recognize the partitions 1, 2, 3, . . . , n as file system areas, information for accessing the file system areas (access information) is necessary. In the present embodiment, the access information corresponds to partition tables 1, 2, 3, . . . , n. That the partition tables 1, 2, 3, . . . , n are included in the sub-area 22 a is the characteristic part of the present embodiment.

The SD portable device 300 recognizes only the authenticated area 23 and the non-authenticated area 24 in the SD mode. It is not possible to access the usage area 21 and the secure flash area 22 b in the SD mode, because the master boot record and the partition tables are in the TRM 1.

Access to the secure flash area 22 b is possible only from the CPU 7. This means that access to the secure flash area 22 b is basically restricted to accesses by the EC client applications. The security level of the secure flash area 22 b is medium, because the access information is stored in the TRM 1 while the data itself is in the flash memory 2 outside the TRM 1. Provided that there are three levels (“high”, “medium”, and “low”), the security level of the secure flash area 22 b is “medium”. Note that an application that runs in the SD mode may access the secure flash area 22 b on an exceptional basis by issuing a special command.

In FIG. 6, the file system area (partition) and access information (partition table) in the usage area 21 are different from the access information for the secure flash area 22 b. The usage area 21 is an area separate from the secure flash area 22 b. Accordingly, even in the worst case in which the contents of the file system areas in the flash memory 2 are revealed by a person with malicious intent, it is almost improbable that the usage area 21 is revealed through the contents of the secure flash area 22 b. By keeping the two pieces of access information separately, it is possible to realize a firewall function for the usage area 21, and maintain the secrecy of the usage area 21.

The internal structures of the partitions in the secure flash area 22 b, the authenticated area 23, and the non-authenticated area 24 are the same. FIG. 7 illustrates the structure common to the partitions.

A partition includes a “Partition Boot Sector”, a “Duplicate FileAllocation Table”, a “Root Directory Entry”, and a “User Area”.

The “Partition Boot Sector” is a table in which information about the partition is described.

The “Duplicate File Allocation Table (FAT)” is made of two FATs compliant with ISO/IEC 9293. Each FAT includes FAT entries, each corresponding to a different cluster. Each FAT entry indicates whether or not the corresponding cluster is in use. If the corresponding cluster is not in use, the FAT entry is set to “0”, and if the corresponding cluster is in use, a cluster number is set in the FAT entry. The cluster number indicates the linkage among clusters, that is, which cluster is to be read next after reading the cluster corresponding to the FAT entry that holds the cluster number.

The “Root Directory Entry” includes file entries for files in the root directory. Each file entry includes information about the corresponding file: a file name, a file extension, a file head cluster number (the number of the cluster in which the head part of the file is stored), a file attribute, a file recording time, a file recording date, and a file length.

The “User Area” is an area in which files are stored. A set of sectors and recording blocks that belong to the user area and is recognized as a file is the substantial part of the file. This is the end of the explanation of the partitions. The partition tables and the partition boot sector are explained next.

The partition tables for the secure flash area 22 b are in the internal EEPROM 3. On the other hand, the partition tables for the authenticated area 23 and the non-authenticated area 24 are in the flash memory 2. However, the partition tables for the secure flash area 22 b, the authenticated area 23, and the non-authenticated area 24 all have the same internal structure, illustrated in FIG. 8A. FIG. 8A illustrates a partition table, and FIG. 8B illustrates the partition boot sector of the partition in FIG. 7.

The “Partition Table” is a table indicating the location and size of the corresponding partition, and, as shown by an arrow ky 2 in FIG. 8A, includes a “Boot Indicator”, a “Starting Head” specifying the starting head of the partition, a “Starting Sector” specifying the starting sector of the partition, a “System ID” indicating the type of the file system area, an “Ending Head”, an “Ending Sector” specifying the ending sector of the partition, a “Relative Sector” indicating the number of sectors preceding the starting sector of the partition, and a “Total Sector” indicating the number of sectors in the partition.

In the partition boot sector, an Extended FDC descriptor having the information items illustrated in FIG. 8B is set. According to FIG. 8B, the Extended FDC descriptor includes such items as Jump Command, Creating System Identifier, Sector Size indicating the size of one sector, Sectors per Cluster indicating the number of sectors per cluster, Reserved Sector Count, Number of FATs indicating the number of FATs included in the duplicate FAT, Number of Root-directory Entries, Total Sectors, Medium Identifier, Sectors per FAT indicating the number of sectors per FAT, Sectors per Track, Number of Sides, Number of Hidden Sectors, Total Sectors indicating the total number of sectors, Physical Disk Number, Extended Boot Record Signature, Volume ID Number, Volume Label, File System Type, and Signature Word.
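The partition table, partition boot sector, FAT, and root directory entry described above can be decoded and checked as follows. This is an added example, not code from the patent. It uses the standard 16-byte partition table entry, the FAT16 boot sector layout, 16-bit FAT entries, and 32-byte directory entries of ISO/IEC 9293; the sample structures at the end (a 65536-sector FAT16 partition starting at sector 63, a short FAT, and a file entry named SCHEDULE.DAT) are constructed for the example and are not from the page.

```python
import struct

PARTITION_ENTRY = struct.Struct("<BBBBBBBBII")               # 16-byte partition table entry
BOOT_SECTOR = struct.Struct("<3s8sHBHBHHBHHHIIBBBI11s8s")     # FAT16 boot sector, first 62 bytes
DIR_ENTRY = struct.Struct("<8s3sB10sHHHI")                   # 32-byte root directory entry
BOOT_FIELDS = (
    "jump", "oem_name", "sector_size", "sectors_per_cluster", "reserved_sectors",
    "num_fats", "root_entries", "total_sectors_16", "media", "sectors_per_fat",
    "sectors_per_track", "num_sides", "hidden_sectors", "total_sectors_32",
    "physical_disk", "reserved", "ext_boot_signature", "volume_id", "volume_label", "fs_type",
)
FAT16_EOC = 0xFFF8   # FAT entries >= this value mark the end of a cluster chain


def parse_partition_entry(raw: bytes) -> dict:
    """Decode one partition table entry; the CHS bytes pack a 6-bit sector and a 10-bit cylinder."""
    b, sh, ss, sc, sys_id, eh, es, ec, relative, total = PARTITION_ENTRY.unpack(raw)
    return {
        "boot_indicator": b, "system_id": sys_id,
        "starting_head": sh, "starting_sector": ss & 0x3F, "starting_cylinder": ((ss & 0xC0) << 2) | sc,
        "ending_head": eh, "ending_sector": es & 0x3F, "ending_cylinder": ((es & 0xC0) << 2) | ec,
        "relative_sector": relative, "total_sector": total,
    }


def parse_boot_sector(sector: bytes) -> dict:
    """Decode the Extended FDC descriptor and derive where the data region begins."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xAA":
        raise ValueError("boot sector signature word missing")
    bpb = dict(zip(BOOT_FIELDS, BOOT_SECTOR.unpack_from(sector)))
    if bpb["sector_size"] not in (512, 1024, 2048, 4096) or bpb["sectors_per_cluster"] == 0:
        raise ValueError("implausible sector geometry")
    bpb["total_sectors"] = bpb["total_sectors_16"] or bpb["total_sectors_32"]
    root_dir_sectors = (bpb["root_entries"] * 32 + bpb["sector_size"] - 1) // bpb["sector_size"]
    bpb["first_data_sector"] = (bpb["reserved_sectors"] + bpb["num_fats"] * bpb["sectors_per_fat"]
                                + root_dir_sectors)
    return bpb


def parse_dir_entry(raw: bytes) -> dict:
    """Decode a root directory file entry (name, extension, attribute, time, date, head cluster, length)."""
    name, ext, attr, _reserved, time, date, head, length = DIR_ENTRY.unpack(raw)
    return {"name": name.decode("ascii").rstrip(), "extension": ext.decode("ascii").rstrip(),
            "attribute": attr, "time": time, "date": date, "head_cluster": head, "length": length}


def fat16_chain(fat: bytes, head: int) -> list:
    """Follow 16-bit FAT entries from the head cluster; reject loops, out-of-range and bad links."""
    chain, cluster = [], head
    while 2 <= cluster <= 0xFFEF:
        if cluster in chain or 2 * cluster + 2 > len(fat):
            raise ValueError("corrupt FAT chain (loop or cluster outside the FAT)")
        chain.append(cluster)
        cluster = struct.unpack_from("<H", fat, 2 * cluster)[0]
    if cluster < FAT16_EOC:
        raise ValueError("FAT chain ends on a free, reserved or bad cluster")
    return chain


def cluster_to_sector(bpb: dict, cluster: int) -> int:
    """Data clusters are numbered from 2 and laid out after the reserved sectors, FATs and root directory."""
    return bpb["first_data_sector"] + (cluster - 2) * bpb["sectors_per_cluster"]


def file_sectors(bpb: dict, fat: bytes, entry: dict) -> list:
    """All sectors of a file, in read order, checked against the length in its file entry."""
    chain = fat16_chain(fat, entry["head_cluster"])
    cluster_bytes = bpb["sectors_per_cluster"] * bpb["sector_size"]
    if len(chain) * cluster_bytes < entry["length"]:
        raise ValueError("FAT chain is shorter than the file length")
    sectors = []
    for c in chain:
        first = cluster_to_sector(bpb, c)
        sectors.extend(range(first, first + bpb["sectors_per_cluster"]))
    return sectors


# Constructed samples (not from the page): a 65536-sector FAT16 partition starting at sector 63,
# 512-byte sectors, 4 sectors per cluster, two 64-sector FATs, 512 root entries.
SAMPLE_PARTITION_ENTRY = PARTITION_ENTRY.pack(0x00, 1, 0x01, 0, 0x06, 15, 0x3F, 0xFF, 63, 65536)
SAMPLE_BOOT_SECTOR = (BOOT_SECTOR.pack(b"\xEB\x3C\x90", b"SDEX1.0 ", 512, 4, 1, 2, 512, 0, 0xF8, 64,
                                       63, 16, 63, 65536, 0x80, 0, 0x29, 0x12345678,
                                       b"SDEXPART01 ", b"FAT16   ")
                      + bytes(448) + b"\x55\xAA")
# FAT: clusters 2 -> 3 -> 5 -> end of chain; cluster 4 free
SAMPLE_FAT = struct.pack("<8H", 0xFFF8, 0xFFFF, 0x0003, 0x0005, 0x0000, 0xFFFF, 0x0000, 0x0000)
SAMPLE_DIR_ENTRY = DIR_ENTRY.pack(b"SCHEDULE", b"DAT", 0x20, bytes(10), 0, 0, 2, 5000)
```

Because the partition tables for the secure flash area 22 b live in the internal EEPROM 3, `parse_partition_entry` is the step that only the CPU 7 can perform; the boot sector, FAT and directory parsing then run over sectors fetched from the flash memory 2 through the external memory controlling unit 4. The chain walker refuses loops, cluster numbers outside the FAT, chains that end on a free or bad cluster, and chains too short for the declared file length, which is the minimum one should demand of structures that sit in memory outside the TRM.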

This is the end of the explanation of the internal structure of the TRM 1. Next, an area expansion unit 11 and the technical significance of providing the area expansion unit 11 are explained below.

In the IC-card-compatible module, data received from the EC server application is written to the internal EEPROM 3. The data that the EC server application requests to write relates to money, and most of such data is small enough in size to be stored in the internal EEPROM 3. However, in a case in which the data that the EC server application requests to write relates to the annual transaction schedule, the internal EEPROM 3 does not have a sufficient memory capacity, because the annual transaction schedule is too large in size. On the other hand, it does not give a sense of security to store the annual transaction schedule in the flash memory 2, because such an annual transaction schedule has a value to be protected that is second only to money.

Therefore, the area expansion unit 11 expands the usage area from the internal EEPROM 3 to the flash memory 2 while maintaining a level of security next to that of the TRM 1.

The area expansion unit 11 assigns one file system area in the flash memory 2 to an EC client application, upon request from the EC client application for expansion of the usage area. The file system area assigned to the EC client application is uniquely assigned to that EC client application, and other EC client applications are not allowed to access the file system area. In the file system area, as a closed space, the EC client application may freely access files. The file system area assigned by the area expansion unit 11 is a partition within the secure flash area 22 b described above. The attaching by the area expansion unit 11 is performed upon request from the EC client application for opening the file system. When opening of the file system is requested, the area expansion unit 11 generates a partition in the flash memory 2, and allocates a partition table for the generated partition. Then, the area expansion unit 11 gives the EC client application an APL-ID for using the file system area. The APL-ID is a random number having 10 digits or more, and is used like a password.

The EC client application is able to read and write data from and to theassigned file system area, by using the APL-ID given by the areaexpansion unit 11. Opening the file system area is not the same asopening a file, and in order to open a file in the secure flash area 22b, the EC client application is required to perform opening two times;open the file system first, and then open an actual file.

After the EC client application finishes reading and writing the data, adetaching of the file system is performed. The detaching of the filesystem is to release the partition assigned to the EC clientapplication. The detaching by the area expansion unit 11 is performedupon request from the EC client application for closing the file system.When the closing of the file system is requested, the area expansionunit 11 performs the detaching. Closing the file system area is not thesame as closing a file, and the EC client application is required toperform closing two times; close the file first, and then close the filesystem. When the same EC client application is going to use the samepartition later on, the EC client application has to prove theauthenticity using the APL-ID before the area expansion unit 11 performsthe attaching.

FIG. 9 illustrates accesses to the SDeX memory card 400 from the ECserver 100 and the SD portable device 300. Arrows jt1, jt2, and jt3 insolid line schematically show accesses to the SDeX memory card 400 fromthe EC server 100, and an arrow hs1 in broken line schematically showsan access to the SDeX memory card 400 from the SD portable device 300.As shown in this drawing, the EC server 100 in an EC access is able toaccess any of the internal EEPROM 3 and the secure flash area 22 b inthe flash memory 2, and the EC server application in the EC server 100may select which to write, based on a level of importance and a size ofdata to be written.

FIG. 10 illustrates command-response sequences among the SDeX memorycard, the SD portable device 300, and the EC server 100. Arrows facingright in the drawing indicate commands, and arrows facing left indicateresponses.

In the SD mode, the SD portable device 300 is the host device, and theSD portable device 300 performs sending/receiving sc1, sc2, sc3, and sc4of SD commands and SD responses between the external memory controllingunit 4 in the SDeX memory card 400 via the HIM 5.

The sequence in the EC mode uses basically the same sequence as in theSD mode, and a sending/receiving sc5 and sc6 of a command and a responseare performed between the SD portable device 300 and the external memorycontrolling unit 4 via the HIM 5. The command and response here are anSD command and an SD response generated by encapsulating an EC commandand an EC response, respectively. The SD portable device 300 performs,in addition to sending/receiving of the command and response via the HIM5, sending/receiving sc7 and sc8 of an EC command and an EC responsewith the EC server 100 via the card reader/writer 200, the base station210, and the network. Performing the sending/receiving of the EC commandand EC response is a first difference from the sequence in the SD mode.In sending and receiving of commands and responses with the EC server100, the SD portable device 300 performs mutual conversion between an ECcommand/response and an SD command/response.

A second difference from the sequence in the SD mode is described below.While the command/response are transmitted between the external memorycontrolling unit 4 and the HIM 5 directly in the SD mode, thecommand/response in the EC mode are transmitted via the EC clientapplication 8 and the area expansion unit 11 in the IC-card-compatiblemodule. The sequence in the EC mode includes indirection's uc1, uc2,uc3, uc4, uc5, uc6, and uc7, and this is the second difference betweensequences in the SD mode and in the EC mode.

In the indirections, the EC client application performs a file systemopen and a file open, in an order, prior to writing to the flash memory2. When the file system open is instructed, the area expansion unit 11performs attaching the file system.

On the other hand, after writing in the flash memory 2, the EC clientapplication performs a file close and a file system close. When the fileclose is instructed, the area expansion unit 11 performs detaching thefile system.

As described above, according to the present embodiment, in expandingthe usage area from the internal EEPROM in the TRM 1 to the flash memory2, a partition that is a part of the expanded area is assigned on theflash memory 2 to the EC client application, and the partition table isgenerated in the TRM 1. Because the partition table that is an essentialpart of the expanded area is kept secret in the TRM, a person with amalicious intention is not able to know where the expanded area starts.By this, it is possible to maintain the secrecy of data written by theEC client application.

Moreover, each EC client application is assigned with a partition, and arelation among partitions is made exclusive. Accordingly, even if one ofa plurality of EC client applications is operated by the person with themalicious intention, contents stored in partitions assigned to other ECclient applications will not be disclosed to the EC client applicationoperated by the person. Because an unauthorized access to one EC clientapplication may not be spread to the rest of the EC client applications,it is possible to maintain the secrecy of the stored contents.

Second Embodiment

A second embodiment relates to an improvement so as to protect thestored contents in the secure flash area 22 b more tightly than thefirst embodiment. Protection of the stored content in the SDeX memorycard 400 is generally realized by encrypting the stored contents.

However, in a case in which the secure flash area 22 b is accessed by anillegal EC client application, there is a possibility that an encryptionkey that encrypts the stored contents in the secure flash area 22 bmight be revealed by the person operating the illegal EC clientapplication. In such a case, there is another possibility that thestored contents of other EC client applications that access the secureflash area 22 b are also revealed, and damages could spread to ECproviders of other EC client applications that access the secure flasharea 22 b.

In the present embodiment, in order to prevent the stored contents inthe secure flash area 22 b from being entirely revealed, the OS 10assigns an encryption key unique to the EC client application, when thepartition is assigned to each EC client application. At a time of the ECclient application accessing to a file system in the assigned secureflash area, the EC client application encrypts and decrypts data to bewritten to and read from the file system using the unique encryption keyassigned to the EC client application. Partitions are assigned to the ECclient application in one to one correspondence, and the encryption anddecryption are performed using the unique encryption key assigned toeach of the EC client applications. Accordingly, even if a user who isoperating one EC client application finds out the encryption keyassigned to the EC client application, it is not possible to find outencryption keys assigned to other EC client applications.

In order to perform the above encryption and decryption, the OS 10 hassuch a structure illustrated in FIG. 11. As shown in FIG. 11, the OS 10includes a selection table 12, an encryption table 13, and anencryption/decryption unit 14, in addition to the area expansion unit 11as in the first embodiment.

The selection table 12 is a table that makes correspondence between bitlengths and encryption methods. A bit length indicates a bit length ofan encryption key when generating the encryption key unique to an ECclient application. An encryption method indicates an algorithm forencryption using the generated encryption key. The bit lengths andencryption methods correspond one to one to values of 1 to L securitylevels. A longer bit length and an algorithm with a higher difficultylevel correspond to a value of a higher security level, and a shorterbit length and an algorithm with a lower difficulty level correspond toa value of a lower security level. This means that the higher adifficulty level is and the longer a bit length is, the tighter thesecurity of the contents stored in the partition becomes. A degree ofsecurity level is in proportional relation with processing time forencryption. Specifically, the higher the difficulty level of encryptionand the longer the bit length of the encryption key are, the longer theprocessing time required for encryption and decryption becomes. On theother hand, the lower the difficulty level of encryption and the shorterthe bit length of the encryption key are, the shorter the processingtime required for encryption and decryption becomes, and thus thesecurity of the contents stored in the partition becomes looser.

The encryption table 13 is a table that makes correspondence amongAPL-IDs, the encryption methods, and the bit lengths.

The encryption/decryption unit 14, when the area expansion unit 11assigns a partition to an EC client application, receives a securitylevel from the EC client application 8, and searches an encryptionmethod and a bit length that correspond to the security level in theselection table 12 (rf1 and rf2 in the drawing), and generates a randomnumber having the length of the searched bit length. The generatedrandom number is assigned to the EC client application as a uniqueencryption key. A result of assigning is shown in the encryption table13 (“ADD RECORD” in the drawing). After this, when the EC clientapplication writes data, the encryption/decryption unit 14 encrypts thedata received from the EC client application (“WRITE DATA” in thedrawing) using the assigned encryption key, and then outputs theencrypted data to the external memory controlling unit 4 (“WRITEENCRYPTED DATA” in the drawing). When the EC client application readsdata, the encryption/decryption unit 14 decrypts the data received fromexternal memory controlling unit 4 (“READ ENCRYPTED DATA” in thedrawing) using the assigned encryption key, and then outputs thedecrypted data to the EC client application 8 (“READ DATA” in thedrawing).

The area expansion unit 11 and the encryption/decryption unit 14according to the second embodiment are created by having the CPU 7execute a program written in a computer description language forperforming processes in flowcharts shown by FIGS. 12A-C.

FIG. 12A is a flowchart showing processes performed by the areaexpansion unit 11 and the encryption/decryption unit 14.

Steps S1-S4 in the flowchart in FIG. 12A indicate a process performed bythe area expansion unit 11. The area expansion unit 11 assigns apartition number i, which has not been assigned yet, to an EC clientapplication that has requested for an expansion of an area to be used inStep S1, then writes a partition table for an i-th partition to theinternal EEPROM 3, and creates a partition in the flash memory 2 in StepS2. In Step S3, the area expansion unit 11 generates a password, and inStep S4, notifies of the generated password as APL-ID to the requestingEC application.

Further, Steps S5-S7 in the flowchart in FIG. 12A indicate a processperformed by the encryption/decryption unit 14. In Step S5, theencryption/decryption unit 14 obtains an encryption method and a bitlength corresponding to a security level that has been notified of inthe expansion request. In Step S6, the encryption/decryption unit 14generates a random number of the obtained bit length, and in Step S7,adds a record including the obtained encryption method, bit length, andthe generated random number to the encryption table.

FIG. 12B is a flowchart showing processes for writing a file performedby the area expansion unit 11 and the encryption/decryption unit 14.

In Step S1, the area expansion unit 11 obtains the APL-ID assigned tothe application to perform a file write. In Step S12, the area expansionunit 11 identifies the partition number i by the APL-ID, and accepts asetting for parameters buf, file, and fp from the application.

The parameters accepted in this step are as follows.

-   buf: a pointer to data to be written-   file: a name of a target file to which the data to be written-   fp: a pointer inside the target file

In Step S13, the encryption/decryption unit 14 encrypts the data in bufusing an encryption key i based on an encryption method i in the record,and in Step S14, the area expansion unit 11 writes the encrypted data tothe file in the partition i, at a part where the file pointer points andafter.

FIG. 12C is a flowchart showing processes for reading a file performedby the area expansion unit 11 and the encryption/decryption unit 14. InStep S21, the area expansion unit 11 obtains the APL-ID assigned to theapplication that performs a file read. In Step S22, the area expansionunit 11 identifies the partition number i by the APL-ID, and in StepS23, accepts a setting for parameters buf, file, fp, and size from theEC client application.

The parameters accepted in Step S23 are as follows.

-   buf: a pointer to data to be read-   file: a name of a target file from which the data to be read-   fp: a pointer inside the target file-   size: a length of the data to be read

In Step S24, the area expansion unit 11 reads the size of the encrypteddata in the file in the partition i, at a part where the file pointerpoints and after. In Step S25, the encryption/decryption unit 14decrypts the read data using the encryption key i in the encryptionmethod i, and then stores the decrypted data in the buffer.
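Added example (not code from the patent): a Python model of the area expansion unit 11 and the encryption/decryption unit 14 following Steps S1-S7, S11-S14 and S21-S25 above, together with the first embodiment's attach/detach and the APL-ID check on re-attach. The selection table rows, the 12-digit APL-ID, the SHA-256 keystream standing in for the unspecified encryption method, and the dict-based flash model are all assumptions.

```python
import hashlib
import secrets

# Selection table 12: security level -> (encryption method, key bit length).
# The page names no concrete algorithms or lengths; these rows are constructed.
SELECTION_TABLE = {
    1: ("METHOD-1", 64),
    2: ("METHOD-2", 128),
    3: ("METHOD-3", 256),
}


def _keystream_xor(key: bytes, offset: int, data: bytes) -> bytes:
    """Stand-in for the page's unspecified encryption method: a counter-mode
    keystream derived with SHA-256, positioned by file offset so that a write
    at `offset` and a later read of the same range use the same keystream bytes.
    Not a real cipher; it only makes the encrypt/decrypt steps runnable."""
    out = bytearray()
    for i, b in enumerate(data):
        pos = offset + i
        block = hashlib.sha256(key + (pos // 32).to_bytes(8, "big")).digest()
        out.append(b ^ block[pos % 32])
    return bytes(out)


class AreaExpansionUnit:
    """Models the area expansion unit 11 plus the encryption/decryption unit 14
    (FIGS. 12A-12C). Partition tables and the encryption table stay "inside the
    TRM"; only the partition contents live in the flash-memory model."""

    def __init__(self):
        self.partition_tables = {}   # TRM: partition number i -> partition table
        self.encryption_table = {}   # TRM: APL-ID -> (i, method, bit length, key)
        self.flash = {}              # flash memory 2: i -> {file name: bytearray}
        self.attached = set()        # APL-IDs whose file system is currently open
        self._next_i = 1

    def attach(self, security_level: int) -> str:
        """Steps S1-S7: create partition i, issue an APL-ID, assign a unique key."""
        i, self._next_i = self._next_i, self._next_i + 1           # S1
        self.partition_tables[i] = {"partition": i}                  # S2 (EEPROM 3)
        self.flash[i] = {}                                           # S2 (flash 2)
        apl_id = str(secrets.randbelow(10**12)).zfill(12)            # S3: >= 10 digits
        method, bits = SELECTION_TABLE[security_level]               # S5
        key = secrets.token_bytes(bits // 8)                         # S6
        self.encryption_table[apl_id] = (i, method, bits, key)       # S7: ADD RECORD
        self.attached.add(apl_id)
        return apl_id                                                # S4

    def reattach(self, apl_id: str) -> None:
        """Later use of the same partition: the APL-ID is the proof of authenticity."""
        if apl_id not in self.encryption_table:
            raise PermissionError("unknown APL-ID")
        self.attached.add(apl_id)

    def detach(self, apl_id: str) -> None:
        """File system close: release the partition for this application."""
        self.attached.discard(apl_id)

    def _record(self, apl_id: str):
        if apl_id not in self.attached:
            raise PermissionError("file system not open for this APL-ID")
        return self.encryption_table[apl_id]

    def write_file(self, apl_id: str, file: str, fp: int, buf: bytes) -> None:
        """Steps S11-S14: encrypt buf with key i, store it at fp in partition i."""
        i, _method, _bits, key = self._record(apl_id)                # S11-S12
        enc = _keystream_xor(key, fp, buf)                           # S13
        stored = self.flash[i].setdefault(file, bytearray())         # S14
        if len(stored) < fp + len(enc):
            stored.extend(b"\x00" * (fp + len(enc) - len(stored)))
        stored[fp:fp + len(enc)] = enc

    def read_file(self, apl_id: str, file: str, fp: int, size: int) -> bytes:
        """Steps S21-S25: read size bytes at fp from partition i, decrypt with key i."""
        i, _method, _bits, key = self._record(apl_id)                # S21-S22
        if file not in self.flash[i]:
            raise FileNotFoundError(file)
        enc = bytes(self.flash[i][file][fp:fp + size])               # S24
        return _keystream_xor(key, fp, enc)                          # S25

    def raw_partition(self, i: int) -> dict:
        """What the external memory controlling unit 4 sees: ciphertext only."""
        return {name: bytes(data) for name, data in self.flash[i].items()}
```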

As described above, according to the present embodiment, the EC client application is able to request the attach from the OS 10 specifying the security level as an argument, considering the relation between the security level and the processing time. By doing so, it is possible to notify the OS 10 of how high a security level the EC client application requests.

In the present embodiment, the security level is received from the EC client application. However, it is also possible that the OS 10 sets the security level automatically. Further, the encryption methods and the bit lengths in the selection table 12 may be upgraded. By doing so, it is possible to increase the secrecy of the secure flash area.

In addition, the selection table 12 and the encryption table 13 may be in an area outside the OS but inside the TRM 1.

Third Embodiment

When an EC client application that is one of a plurality of EC client applications runs on the Java virtual machine 9, the OS 10 recognizes the plurality of EC client applications as one task. In such a case, when switching from a first EC client application to a second EC client application, it could occur that the detach for the first EC client application is not performed and the second EC client application accesses the partition for the first EC client application.

If a person with malicious intent operates the second EC client application, there is a possibility that the contents stored in the partition for the first EC client application are revealed to this person. In the present embodiment, in order to prevent the stored contents from being revealed, when the switching from the first EC client application to the second EC client application has occurred, the Java virtual machine 9 notifies the area expansion unit 11 of the switching and of the APL-ID for the second application.

The area expansion unit 11 performs the detaching of the file system when the switching of the EC client applications is notified by the Java virtual machine 9.

As described above, even in a case in which the EC client applications are recognized as one task when running on the Java virtual machine 9, the Java virtual machine 9 notifies the OS 10 of the switching of the EC client applications, and the detaching of the file system is performed. Accordingly, it does not occur that the contents stored in a partition for one application are revealed to another EC client application.

Fourth Embodiment

In the first to third embodiments, the area recognizable as a file system is assigned on the flash memory 2, and an area table for accessing the file system is stored in the tamper resistant module. In the fourth embodiment, a set of the area recognizable as a file system and the area table is allocated on the flash memory 2.

In addition to allocating the set in the flash memory 2, access information for accessing the file system area is generated in the TRM. In the present embodiment, the access information is location information for accessing the area table, and the encryption key for decrypting the area table.

FIG. 13 illustrates an allocation of the flash memory 2 according to the fourth embodiment. In the drawing, the secure flash area is provided after the authenticated area 23 and the non-authenticated area 24. In this embodiment, an access to the memory is performed per page (1 page = 512 bytes), and the secure flash area is located at page 0100h (h indicates a hexadecimal number).

An outgoing line hh1 details an allocation of the secure flash area in the flash memory 2. As shown by the outgoing line, the secure flash area includes an “SF (secure flash) Area Table”, a “Backup for SF Area Table”, and up to 16 “File System Areas (1) to (16)”. An outgoing line hh2 details an internal structure of the SF area table. As shown by the outgoing line, the SF area table includes “Secure Flash Area Size” and 32 “FS (File System) Entries (1) to (32)”. While the number of file system areas is 16, the number of FS entries is 32 because blank areas between file system areas are also counted.

The size of the SF area table is 388 bytes, and accordingly, the total size of the SF area table and its backup becomes 776 bytes. One page corresponds to 512 bytes, so the two SF area tables become as large as two pages. Given that the head page of the secure flash area is 100h, the file system area (1) starts from 102h.

An outgoing line hh3 details an internal structure of an FS entry [i] of a file system [i], as one example of the 16 file systems.

An FS entry includes:

“Status Flag” (1 byte) indicating whether the file system [i] is invalid (set as “0”), valid (“1”), or blank (“2”),

“FSID” (1 byte) for setting values from 1 to 16 as an identifying number of the file system [i],

“Sector Unit” (1 byte) indicating whether a sector included in the file system [i] is 1 KB (when set as “1”) or 4 KB (when set as “2”),

“Entry Unit” (1 byte) indicating whether the FS entry [i] is 2 KB (when set as “2”) or 4 KB (when set as “4”),

“Area Size” (4 bytes) indicating the area size of the file system [i], and

“Head Page” (4 bytes) indicating the relative number of pages from the SF area head page to the file system [i]. By referring to the “Head Page” of the above FS entry [i], it is possible to access the file system [i].

This is the end of the explanation about the allocation of the secure flash area. Next, an allocation of the TRM internal memory 3 is explained. FIG. 14 illustrates the allocation of the TRM internal memory 3 according to the fourth embodiment. A characteristic of the drawing is that the access information to access the SF area table is allocated inside the TRM internal memory 3.

An outgoing line hh4 illustrates an internal structure of the access information. As shown by the outgoing line, the access information includes “SF Head Page Access Information” and “FS Entry Access Information (1) to (16)”. An outgoing line hh5 illustrates an internal structure of the SF Head Page Access Information. As shown by the outgoing line, the SF Head Page Access Information includes a 2-byte “CRC” relating to the SF area table, a 2-byte “Encryption Method” indicating an encryption method and a bit length of an encryption key used for encrypting the SF area table, a 32-byte “Encryption Key” used for encrypting the SF area table, and a 4-byte “SF Area Head Page” indicating the head page of the secure flash area. In a case in which the head page is FFFF FFFFh, the secure flash area does not exist. In a case in which the head page is other than FFFF FFFFh, the secure flash area starts from the page indicated in the SF Area Head Page. An outgoing line hh6 shows an example of values set for the SF head page access information. In the example, the CRC is set at 56h and 12h, the encryption method is set at FEh and 3Eh, the encryption key is set at 01h, 02h, 03h, 04h, . . . , CCh, DDh, EEh, and FFh, and the SF area head page is set at 00h, 01h, 00h, and 00h.

Next, an internal structure of an FS entry access information [i] is explained, as an example of the 16 FS entry access information. An outgoing line hh7 illustrates the structure of the FS entry access information. The FS entry access information [i] includes a 2-byte “CRC”, a 2-byte “Encryption Method”, a 32-byte “Encryption Key”, and 4-byte “blank data”. An outgoing line hh8 shows a specific example of the FS entry access information. In this example, the CRC is set at 93h and 02h, the encryption method is set at FFh and 4Fh, and the encryption key is set at FEh, E4h, ADh, 2Ch, . . . , 00h, 11h, 22h, and 33h.

FIG. 15 illustrates a process of an access to the secure flash area according to the fourth embodiment. The SF head page access information and the FS entry access information are stored in the TRM internal memory 3, and accordingly, when the OS in the TRM accesses any part of the secure flash area, the OS accesses the encrypted SF area table by referring to the head page in the SF head page access information (kj1 in the drawing), and obtains the SF area table by decrypting the encrypted SF area table based on the encryption method and the encryption key taken out of the SF head page access information.

By decrypting the SF area table in the above manner, it is possible to access the head page of the file system area [i] by referring to the FS entry [i] included in the SF area table (kj2 in the drawing). Further, the encryption key and method for each file system area are indicated in the FS entry access information in the TRM internal memory 3, and therefore it is possible to obtain the stored contents in the secure flash area, using the encryption key and method, by decrypting encrypted data read from any of the file system areas.

In the allocations in FIGS. 13 and 14, while the encrypted partition table is located in the secure flash memory, the SF head page access information and the FS entry access information are stored in the TRM. Therefore, even when the SDeX card is connected to a device, the device is not able to read the SF head page access information and the FS entry access information stored in the TRM, and the data of the encrypted partition table does not make any sense to the device. Thus, the secrecy of the secure flash area is maintained.

An access to the above-explained secure flash area is realized by creating a program in which the processes shown in FIGS. 16-19 are described, and having the CPU 7 execute the program. FIG. 16 is a flowchart showing the order of processes by the OS 10 when initializing the secure flash area. In this flowchart, the OS 10 assigns the head page of the secure flash area on the secure flash memory 2 (Step S31), and obtains security level information of the EC client application. The security level information includes an encryption method and a bit length indicating the security level of the EC client application. Here, as in the second embodiment, the encryption method indicates an algorithm for encryption to be used for the EC client application, and the bit length indicates the bit length of an encryption key to be used for the EC client application.

Then, the OS 10 generates an encryption key based on the obtained encryption method and bit length (Step S32), writes the SF head page access information (including the encryption key, the encryption method, and the head page) to the TRM internal memory 3 (Step S33), obtains the SF area table by generating 16 FS entries indicating the “blank” status flag and adding the secure flash area size (Step S34), and writes the generated SF area table to the secure flash memory 2 from the head page onward, after encrypting it using the generated encryption key and based on the encryption method (Step S35). By the above process, the initialization of the secure flash area is completed.

FIG. 17 is a flowchart showing the order of processes by the OS 10 when generating a file system. In this flowchart, the OS 10 reads the SF head page access information from the TRM internal memory 3 (Step S41), and judges whether the head page of the SF head page access information is FFFFFFFF (Step S42). If the result of the judging is affirmative, the flowchart ends without performing further steps. If the result indicates a valid value, the OS 10 reads and decrypts the encrypted SF area table using the encryption key and based on the encryption method of the SF head page access information (Step S43), and judges whether the FS entries have a blank slot (Step S44). If there is no blank slot, the flowchart ends without performing further steps.

If there is a blank slot, the OS 10 makes a blank file system area the file system area [i] (Step S45), obtains security level information of the EC client application and generates an encryption key for the file system area [i] based on the encryption method and bit length included in the obtained security level information (Step S46), and writes the partition boot sector, the FAT, and a directory entry for the file system area [i] to the file system area [i] after encrypting them using the encryption key based on the encryption method (Step S47). By this, one file system area is generated in the secure flash memory 2.

FIG. 18 is a flowchart showing the order of processes by the OS 10 when accessing the file system. In this flowchart, the OS 10 reads the SF head page access information from the TRM internal memory 3 (Step S51), and judges whether the head page of the SF head page access information is FFFFFFFF (Step S52). If the result of the judging is affirmative, the flowchart ends without performing further steps. If the result indicates a valid value, the OS 10 reads and decrypts the encrypted SF area table using the encryption key and based on the encryption method of the SF head page access information (Step S53). The OS 10 reads the head page of the file system [j] from the decrypted SF area table (Step S54), and reads the encrypted partition boot sector, FAT, and directory entry for the file system area [j] from the page given by the sum of the head page of the secure flash area and the head page of the file system [j] (Step S55). Then, the OS 10 decrypts the data read from the file system [j] based on the encryption method and encryption key in the FS entry access information (Step S56), recognizes directories and files in the file system area [j] based on the result of the decryption (Step S57), and performs the file access in the file system [j] based on the encryption method and encryption key for the file system area [j] (Step S58).

FIG. 19 is a flowchart showing the order of processes by the OS 10 when deleting the file system. In this flowchart, the OS 10 first reads the SF head page access information from the TRM internal memory 3 (Step S61), and judges whether the head page of the SF head page access information is FFFFFFFF (Step S62). If the result of the judging is affirmative, the flowchart ends without performing further steps. If the result indicates a valid value, the OS 10 reads and decrypts the encrypted SF area table from the head page of the secure flash area using the encryption key and based on the encryption method of the SF head page access information (Step S63). The OS 10 then reads the head page of the file system [j] from the decrypted SF area table (Step S64), and performs a clearing process for the size of the file system area [j] from the page given by the sum of the head page of the secure flash area and the head page of the file system [j] (Step S65). Then, the OS 10 renews the status flag for the file system area [j] in the SF area table to the blank status (Step S66), and re-writes the renewed SF area table to the secure flash area after encrypting the renewed SF area table using the encryption key and based on the encryption method in the SF head page access information (Step S67). By the above steps, the clearing of the file system [j] is completed.
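Added example (not the patent's own code) of the fourth embodiment's on-flash layout and the FIG. 16 and FIG. 17 procedures: the 12-byte FS entry, the 388-byte SF area table with its backup, the 40-byte SF head page access information kept in the TRM with its FFFFFFFF sentinel, initialization, and generation of one file system area. Assumptions: little-endian fields, Area Size in bytes, CRC-16/CCITT for the 2-byte CRC, a SHA-256 keystream standing in for the unspecified encryption method, keys shorter than 32 bytes zero-padded to the field width, and the CRC in the TRM refreshed whenever the table is rewritten.

```python
import binascii
import hashlib
import secrets
import struct

PAGE = 512                              # FIG. 13: one page is 512 bytes
TABLE_SIZE = 388                        # SF area table: 4 + 32 * 12 bytes
N_ENTRIES, N_AREAS = 32, 16             # 32 FS entries, 16 usable file system areas
INVALID, VALID, BLANK = 0, 1, 2         # Status Flag values
NO_SECURE_FLASH = 0xFFFFFFFF            # SF Area Head Page sentinel: no secure flash area
FS_ENTRY = struct.Struct("<BBBBII")     # Status Flag, FSID, Sector Unit, Entry Unit, Area Size, Head Page
ACCESS_INFO = struct.Struct("<HH32sI")  # CRC, Encryption Method, Encryption Key, SF Area Head Page


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the page's unspecified encryption method (SHA-256 counter
    keystream, symmetric). Not a real cipher; it only makes the steps runnable."""
    ks = b"".join(hashlib.sha256(key + n.to_bytes(8, "big")).digest()
                  for n in range(-(-len(data) // 32)))
    return bytes(b ^ k for b, k in zip(data, ks))


def pack_sf_area_table(area_size: int, entries: list) -> bytes:
    """Secure Flash Area Size (4 bytes) followed by FS entries (1) to (32)."""
    if len(entries) != N_ENTRIES:
        raise ValueError("the SF area table holds exactly 32 FS entries")
    raw = struct.pack("<I", area_size) + b"".join(FS_ENTRY.pack(*e) for e in entries)
    assert len(raw) == TABLE_SIZE
    return raw


def unpack_sf_area_table(raw: bytes):
    area_size = struct.unpack_from("<I", raw)[0]
    entries = [list(FS_ENTRY.unpack_from(raw, 4 + k * FS_ENTRY.size)) for k in range(N_ENTRIES)]
    return area_size, entries


def first_fs_area_page(head_page: int) -> int:
    """Table plus backup (776 bytes) round up to 2 pages: head 100h gives 102h."""
    return head_page + -(-2 * TABLE_SIZE // PAGE)


def _write_table(flash: bytearray, head_page: int, key: bytes, raw: bytes) -> None:
    enc = _xor_stream(key, raw)
    base = head_page * PAGE
    flash[base:base + TABLE_SIZE] = enc                      # SF Area Table
    flash[base + TABLE_SIZE:base + 2 * TABLE_SIZE] = enc     # Backup for SF Area Table


def _read_table(flash: bytearray, head_page: int, key: bytes, crc: int):
    base = head_page * PAGE
    raw = _xor_stream(key, bytes(flash[base:base + TABLE_SIZE]))
    if binascii.crc_hqx(raw, 0) != crc:            # CRC-16/CCITT assumed; the page only says "CRC"
        raise ValueError("SF area table failed its CRC check")
    return unpack_sf_area_table(raw)


def initialize_secure_flash(flash, head_page, area_size, method, bit_length) -> bytes:
    """FIG. 16 (S31-S35). Returns the SF head page access information kept in the TRM."""
    key = secrets.token_bytes(bit_length // 8).ljust(32, b"\0")                  # S32
    entries = [(BLANK, 0, 0, 0, 0, 0)] * N_AREAS + [(INVALID, 0, 0, 0, 0, 0)] * (N_ENTRIES - N_AREAS)
    raw = pack_sf_area_table(area_size, entries)                                 # S34
    _write_table(flash, head_page, key, raw)                                     # S35
    return ACCESS_INFO.pack(binascii.crc_hqx(raw, 0), method, key, head_page)    # S33


def generate_file_system(flash, access_info, area_size, fs_method, fs_bit_length, image):
    """FIG. 17 (S41-S47). image: plaintext boot sector, FAT and directory entry to
    store. Returns (new access info, FS entry access information, FSID) or None."""
    crc, method, key, head_page = ACCESS_INFO.unpack(access_info)                # S41
    if head_page == NO_SECURE_FLASH:                                             # S42
        return None
    sf_size, entries = _read_table(flash, head_page, key, crc)                   # S43
    blank = [k for k, e in enumerate(entries) if e[0] == BLANK]                  # S44
    if not blank:
        return None
    k = blank[0]                                                                 # S45
    # Head Page is relative to the SF head page; place the new area right after the
    # last valid one (assumption: areas are packed in order, Area Size in bytes).
    rel = max([e[5] + -(-e[4] // PAGE) for e in entries if e[0] == VALID],
              default=first_fs_area_page(head_page) - head_page)
    fs_key = secrets.token_bytes(fs_bit_length // 8).ljust(32, b"\0")            # S46
    start = (head_page + rel) * PAGE
    flash[start:start + len(image)] = _xor_stream(fs_key, image)                 # S47
    entries[k] = [VALID, k + 1, 1, 2, area_size, rel]   # FSID 1..16, 1 KB sectors, 2 KB entries
    raw = pack_sf_area_table(sf_size, entries)
    _write_table(flash, head_page, key, raw)
    new_info = ACCESS_INFO.pack(binascii.crc_hqx(raw, 0), method, key, head_page)  # CRC refreshed
    fs_info = ACCESS_INFO.pack(binascii.crc_hqx(image, 0), fs_method, fs_key, 0)   # 4-byte blank data
    return new_info, fs_info, k + 1
```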

As described above, according to the present embodiment, the encryptionSF area table is located in the secure flash memory, with the SF headpage access information that includes the information indicating thelocation of the SF area table, the encryption key, and the encryptionmethod allocated in the TRM. Accordingly, only the OS in the TRM is ableto recognize the file system area in the secure flash memory. Byproviding the file system area which is accessible only by the OS in theTRM in the secure flash area, it is possible to expand the usage areathat the EC client application uses with maintaining the secrecy of thestored content.

Fifth Embodiment

In the first to fourth embodiments, the TRM internal memory 3 and theexternal memory 2 are a EEPROM and a flash memory, respectively. In afifth embodiment, each of the TRM internal memory 3 and the externalmemory 2 includes two memory modules. FIG. 20 illustrates a structure ofthe memory modules according to the fifth embodiment. In the drawing, anEEPROM 3 a and a flash memory 2 a are primary memory modules, and thesame as the memories described in the first to fourth embodiments. Inthe fifth embodiment, secondary memory modules 2 b and 3 b are providedto the external memory 2 and internal memory 3, respectively. Thesecondary memory modules 2 b and 3 b are made of Ferroelectric RandomAccess Memory (FeRAM), and performance of the FeRAM greatly differs fromthe flash memory. FIG. 21 is a table for performance comparison betweenthe flash memory and the FeRAM. The table shows that the flash memory islow-cost, and suitable for memories with a larger capacity (◯ in thetable), but only able to be written by a block (※1). A size of one blockbecomes larger as the capacity of the flash memory becomes larger, andaccordingly a loss could be greater when a small size of data is writtento the flash memory. Further, write time is long (10000 ns), and anumber for rewrite times is small (1,000,000 times). Moreover, writeperformance is unstable because when the write is performed, dataalready stored is deleted once and then re-written.

On the other hand, the FeRAM is expensive and not suitable for memorieswith a larger capacity (Δ in the table), but is able to be written by abyte, and at a high speed (30-100 ns). Further, it is possible tore-write an increased number of times.

Because of the above differences in performance, it is possible to coverthe write performance of the flash memory by using a secondary memorymodule of the FeRAM and stores data that is frequently renewed, such asfile entries and FAT, in the secondary memory module. FIG. 22illustrates the FeRAM assigned with the data that is frequently renewed,such as file entries, FAT, and a clear process managing table.

As described above, the data that is small in size and frequentlyrenewed, such as file entries and FAT, are stored in the secondarymemory module made of the FeRAM, it is possible to realize a high speedre-writing of the data such as file entries and FAT.

Another characteristic of the FeRAM is that data stored in the FeRAM canbe read only once. This means that the data stored in the FeRAM will bedestructed after the data is read (※4). Such a characteristic isdesirable in terms of maintaining the secrecy, but the number ofre-write times increases as a result because it becomes necessary towrite the data again when the data is read. In order to cover thecharacteristic of destructive read, it is desirable to useMagnetoresistive Random Access Memory (MRAM).

Sixth Embodiment

In the fifth embodiment, the secondary memory module in the internalmemory 3 is made of FeRAM. In a sixth embodiment, however, the internalmemory 3 in the tamper resistant module is made of FeRAM. FIG. 23illustrates an internal structure of the TRM internal memory 3 accordingto the sixth embodiment. The TRM internal memory 3 is small in size, andtherefore it does not increase the production cost too much. Note that,although the TRM internal memory 3 of the sixth embodiment is made ofFeRAM, it is also desirable that the TRM internal memory 3 is made onlyof MRAM.

Seventh Embodiment

In the first embodiment, the EC client application is stored, in advance, in the Mask ROM 6. A seventh embodiment, however, relates to an improvement in which an EC client application may be downloaded from the EC server 100 and recorded in the SDeX card.

The TRM internal memory 3 according to the seventh embodiment is provided with an area for downloaded EC client applications. When the SD portable device downloads a new EC client application from the EC server 100, the new EC client application is stored in the area for downloaded EC client applications.

One of the usage areas that have been secured in advance is assigned to the newly downloaded EC client application. The area expansion unit 11 assigns one of the file systems in the flash memory 2 to the downloaded EC client application when the new EC client application is added after the download. The file system assigned to the downloaded EC client application is unique to that application, and other EC client applications are not able to access it. The EC client application is able to perform file access freely in the file system, which is a closed space.

As described above, according to the present embodiment, the area expansion unit 11 assigns a file system to the downloaded EC client application when the new EC client application is added to the SDeX card. Accordingly, the downloaded EC client application is able to use just enough area on the SDeX card.

In order to assign a unique file system to the downloaded EC client application, it is desirable to reserve usage areas in advance for EC client applications to be downloaded in the future.
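The assignment and isolation just described, as an added Python model that is not the patent's own code: reserved usage areas and a partition table inside a class standing for the TRM, partitions in a flash object outside it, and file access that is resolved only through that partition table. The application names, sizes and the exception types are assumptions.

```python
"""Model of the area expansion for a downloaded EC client application: a usage
area reserved in advance inside the TRM, a partition in the flash outside it,
and a partition table kept only in the TRM. Constructed example; names and
sizes are assumptions."""


class AccessDenied(Exception):
    pass


class NoReservedArea(Exception):
    pass


class FlashMemory:
    """Nonvolatile memory outside the TRM; it holds partitions but no partition table."""

    def __init__(self, size):
        self.cells = bytearray(size)


class TamperResistantModule:
    """Everything in this class models state and code inside the TRM. The partition
    table never leaves it, so only the TRM's CPU can resolve which partition
    belongs to which application."""

    def __init__(self, flash, reserved_usage_areas, partition_size):
        self.flash = flash
        self.partition_size = partition_size
        self.free_usage_areas = list(reserved_usage_areas)  # secured in advance
        self.usage_area_of = {}     # app id -> usage area in TRM internal memory
        self.partition_table = {}   # app id -> (start, size) in flash: the access information
        self.flash_next = 0

    def install_application(self, app_id):
        """Area expansion unit: bind a reserved usage area and a fresh flash partition to app_id."""
        if app_id in self.partition_table:
            raise ValueError("application already installed: %s" % app_id)
        if not self.free_usage_areas:
            raise NoReservedArea("no usage area reserved for further downloads")
        if self.flash_next + self.partition_size > len(self.flash.cells):
            raise NoReservedArea("flash has no room for another partition")
        self.usage_area_of[app_id] = self.free_usage_areas.pop(0)
        self.partition_table[app_id] = (self.flash_next, self.partition_size)
        self.flash_next += self.partition_size
        return self.partition_table[app_id]

    def _resolve(self, caller, offset, length):
        """Map a caller-relative range onto flash, refusing anything outside the caller's partition."""
        if caller not in self.partition_table:
            raise AccessDenied("no partition assigned to %s" % caller)
        start, size = self.partition_table[caller]
        if offset < 0 or length < 0 or offset + length > size:
            raise AccessDenied("range outside the partition of %s" % caller)
        return start + offset

    def write_file_data(self, caller, offset, data):
        base = self._resolve(caller, offset, len(data))
        self.flash.cells[base:base + len(data)] = data

    def read_file_data(self, caller, offset, length):
        base = self._resolve(caller, offset, length)
        return bytes(self.flash.cells[base:base + length])


def demo():
    """Two downloaded applications each get their own closed file system area."""
    trm = TamperResistantModule(FlashMemory(4096),
                                reserved_usage_areas=["area-1", "area-2"],
                                partition_size=1024)
    trm.install_application("ticketing")      # partition at flash offset 0
    trm.install_application("certificates")   # partition at flash offset 1024
    trm.write_file_data("ticketing", 0, b"season pass")
    results = {
        "own": trm.read_file_data("ticketing", 0, 11),
        "other_sees": trm.read_file_data("certificates", 0, 11),
    }
    try:
        trm.read_file_data("ticketing", 1020, 8)   # would spill into the next partition
        results["crossing"] = "allowed"
    except AccessDenied:
        results["crossing"] = "denied"
    try:
        trm.install_application("third")           # no reserved usage area is left
        results["third"] = "installed"
    except NoReservedArea:
        results["third"] = "refused"
    return results
```

Because the host and the other applications never hold a partition's flash address, the only way to reach a partition is through `_resolve`, which is keyed by the caller's identity and refuses ranges that would run past the caller's own partition. The `NoReservedArea` path shows why the text recommends reserving usage areas in advance: without a spare usage area, the third download cannot be given a closed file system.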

Additional Explanations for First to Seventh Embodiments

-   (A) Although the EC applications are explained as an example of applications, the EC applications may be other kinds of applications. The EC applications may be server applications on servers operated by transportation companies, such as railways, airlines, buses, and highways, and client applications corresponding to the server applications. By this, it is possible to utilize the SDeX memory card 400 for purposes such as ticket examination and boarding procedures.

Moreover, the EC applications may also be server applications on servers operated by national and local public offices. By this, it is possible to utilize the SDeX memory card 400 for purposes such as registration and issuance of various certificates, such as certificates of residence.

-   (B) Data processing as shown in FIGS. 12A-12C is realized by using hardware resources such as the CPU and the EEPROM. Specifically, the SDeX memory card as described in the first to seventh embodiments is structured by collaboration of the program and the hardware, in which data processing is performed in accordance with the intended use.

Because the data processing by the program is practically realized using the hardware resources, the program whose processes are shown in the flowchart is considered to be a creation of technical ideas utilizing natural laws, and therefore considered to be an invention as the program alone. The processes shown in FIGS. 12A-12C disclose examples of practical works of the program according to the present invention.

In the first to the seventh embodiments, the practical examples of the program are described as the program installed in the SDeX memory card 400. However, it is also possible that the program alone is put into practice, separated from the SDeX memory card 400. Examples of the practical uses of the program alone include (i) manufacturing the program, (ii) transferring the program regardless of whether or not compensation is received, (iii) lending the program, (iv) importing the program, (v) providing the program via a bi-directional electronic communication line regardless of whether or not compensation is received, and (vi) offering transfer or lending of the program to general users by storefront display, catalog invitation, distribution of brochures, and such.

The example (v) of the practical uses, providing the program via a bi-directional electronic communication line, includes (a) a provider sends the program to a user and has the user use it (program download service), and (b) only the functions of the program are provided to the user via the electronic communication line while the program itself remains on the provider side (Function Providing ASP service).

-   (C) An element of "time" in the steps in the flowcharts in FIGS. 12A-12C that are performed chronologically is considered to be essential. Accordingly, it becomes clear that the processes in the flowcharts disclose practical uses of a controlling method. The processes shown in the flowcharts are embodiments of the practical uses of the controlling method according to the present invention. Because the intended object of the present invention is achieved by performing each step chronologically, it is clear that the processes shown in the flowcharts are considered to be the practical uses of the method of controlling the semiconductor memory card according to the present invention.

-   (D) In the first to seventh embodiments, the nonvolatile memories in and outside the tamper resistant module are explained as the EEPROM. However, other nonvolatile memories such as FeRAM may also be used.

-   (E) Although the SD portable device 300 is explained as a cellular telephone type as an example, the SD portable device 300 may be a portable audio device for commercial use, a Set Top Box (STB), or a mobile phone.

-   (F) Although the annual transaction schedule is taken as an example of secure data that has a value next to money, other kinds of data that require secrecy may be used, such as frequent flier information, shopping coupons, and trade secrets.

-   (G) Although the area expansion unit 11 assigns partitions as the file system unique to the EC client application, other kinds of logical areas may be used as file system areas unique to the EC client applications. For example, one directory may be a file system area for one EC client application.

INDUSTRIAL APPLICABILITY

A semiconductor memory card according to the present invention is suitable for storing various kinds of data that require secrecy because it is possible to expand a secure area, and it has a greater applicability in various fields such as the consumer industry.

1. A semiconductor memory card comprising a tamper resistant module and a nonvolatile memory, wherein the tamper resistant module includes: an internal memory having a usage area used by a program stored in the tamper resistant module; and a processing unit operable to (i) assign an area in the nonvolatile memory to the program, and (ii) generate, on the internal memory of the tamper resistant module, access information for the assigned area, the usage area and the assigned area thereby composing a total area for use by the program.
2. A semiconductor memory card according to claim 1, wherein the internal memory stores a first area table indicating a location and a size of the usage area, and a second area table indicating a location and a size of the assigned area, and the access information is the second area table.
3. A semiconductor memory card according to claim 1, wherein the processing unit comprises: an assigning unit operable to assign, at a time of the generation of the access information, an encryption key which the program uses in accessing the assigned area; an encrypting unit operable, at a time of the program writing data to the assigned area, to encrypt the data; and a decrypting unit operable, at a time of the program reading data from the assigned area, to decrypt the data.
4. A semiconductor memory card according to claim 3, wherein the processing unit further comprises: a receiving unit operable to receive a security level from the program; and a storage unit that stores values for different security levels, bit lengths of an encryption key, and encryption methods, the bit lengths and encryption methods corresponding one-to-one to the values, the encryption key assigned by the assigning unit is generated based on a bit length corresponding to the received security level, and the encryption and decryption by the encrypting unit and decrypting unit, respectively, are performed based on an encryption method corresponding to the received security level.
5. A semiconductor memory card according to claim 1, wherein the internal memory stores a first area table indicating a location and a size of the usage area, the nonvolatile memory stores a second area table indicating a location and a size of the assigned area, the second area table being encrypted using a predetermined encryption key, and the access information is a set of the predetermined encryption key and information indicating a location of the second area table.
6. A semiconductor memory card according to claim 5, wherein the nonvolatile memory includes a first memory module and a second memory module, a unit of writing in the second memory module being smaller than a unit of writing in the first memory module, and the second memory module storing file management data.
7. A semiconductor memory card according to claim 6, wherein the second memory module is one of a Ferroelectric Random Access Memory and a Magnetoresistive Random Access Memory.
8. A semiconductor memory card according to claim 5, wherein the internal memory of the tamper resistant module includes a first memory module and a second memory module, a unit of writing in the second memory module being smaller than a unit of writing in the first memory module, and the second memory module storing file management data.
9. A semiconductor memory card according to claim 8, wherein the second memory module is one of a Ferroelectric Random Access Memory and a Magnetoresistive Random Access Memory.
10. A semiconductor memory card according to claim 1 being a multi-application memory card, wherein the program is one of applications with which the memory card is compatible, and the internal memory has a plurality of usage areas corresponding one to one to the applications.
11. A semiconductor memory card according to claim 10, wherein at a time of addition of an application to the memory card, the processing unit assigns an area to be used by the added application.
12. A semiconductor memory card according to claim 1, wherein the assigned area is a file system in which files are stored.
13. A semiconductor memory card according to claim 1, wherein the tamper resistant module includes a CPU that executes the program.
14. A semiconductor memory card according to claim 1 including a host interface which is an interface with a device connected to the memory card, wherein the host interface judges whether a command from the device is an expansion command, and the program starts if the command is judged to be the expansion command.
15. A semiconductor memory card that comprises a tamper resistant module and a nonvolatile memory, and includes a plurality of file systems, a secure level of each of the file systems being one of high, medium, and low, wherein a first file system whose secure level is high is stored in the tamper resistant module, a second file system whose secure level is low is stored in the nonvolatile memory, and a third file system whose secure level is medium is stored in the nonvolatile memory, and access information for accessing the third file system is stored in the tamper resistant module.
16. A controlling program in a semiconductor memory card that comprises a tamper resistant module and a nonvolatile memory, and that is executed by a CPU in the tamper resistant module, wherein the tamper resistant module includes an internal memory having a usage area used by an application stored in the tamper resistant module, and the controlling program is operable to (i) assign an area in the nonvolatile memory to the application, and (ii) generate, on the internal memory of the tamper resistant module, access information for the assigned area, the usage area and the assigned area thereby composing a total area for use by the application.
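Claims 5 and 15 describe where each secure level's contents live and what the tamper resistant module keeps as access information for the medium level. The following is an added Python model, not code from the patent: high-level contents stay in the TRM, low-level contents are written plainly to the flash, and medium-level contents are written to the flash encrypted while the key and location stay in the TRM. The SHA-256 CTR-style keystream is a stand-in for the card's block cipher, and the level table, key length and nonce size are assumptions.

```python
"""Placement of file systems by secure level (claims 5 and 15). Constructed
example: the SHA-256 CTR-style keystream stands in for the card's block
cipher; the level table, key length and nonce size are assumptions."""
import hashlib
import os
import struct

# Assumed placement policy: where each secure level's contents live and the key
# length (bytes) used when the contents sit in the nonvolatile memory outside the TRM.
PLACEMENT = {
    "high":   ("trm", 0),               # kept inside TRM internal memory only
    "medium": ("flash-encrypted", 16),  # ciphertext in flash; key + location kept in TRM
    "low":    ("flash-plain", 0),       # plaintext in flash
}


def keystream_xor(key, nonce, data):
    """XOR data with SHA-256(key | nonce | counter) blocks; symmetric, so it decrypts too."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack(">Q", i // 32)).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Card:
    def __init__(self, flash_size=4096, rng=os.urandom):
        self.flash = bytearray(flash_size)  # nonvolatile memory outside the TRM
        self.flash_next = 0
        self.rng = rng
        # everything below models TRM internal memory: invisible outside the module
        self.trm_store = {}        # high: name -> contents
        self.trm_access_info = {}  # medium: name -> (key, nonce, location, length)
        self.flash_index = {}      # low: name -> (location, length); no secret involved

    def _alloc(self, length):
        if self.flash_next + length > len(self.flash):
            raise MemoryError("flash exhausted")
        loc = self.flash_next
        self.flash_next += length
        return loc

    def store(self, name, level, contents):
        kind, key_len = PLACEMENT[level]
        if kind == "trm":
            self.trm_store[name] = bytes(contents)
        elif kind == "flash-encrypted":
            key, nonce = self.rng(key_len), self.rng(16)
            ciphertext = keystream_xor(key, nonce, contents)
            loc = self._alloc(len(ciphertext))
            self.flash[loc:loc + len(ciphertext)] = ciphertext
            # the access information of claim 5: key plus where the encrypted data sits
            self.trm_access_info[name] = (key, nonce, loc, len(ciphertext))
        else:
            loc = self._alloc(len(contents))
            self.flash[loc:loc + len(contents)] = contents
            self.flash_index[name] = (loc, len(contents))

    def load(self, name):
        """Read back through the TRM; the CPU inside the TRM is the only holder of the keys."""
        if name in self.trm_store:
            return self.trm_store[name]
        if name in self.trm_access_info:
            key, nonce, loc, length = self.trm_access_info[name]
            return keystream_xor(key, nonce, bytes(self.flash[loc:loc + length]))
        loc, length = self.flash_index[name]
        return bytes(self.flash[loc:loc + length])

    def flash_image(self):
        """Contents observable by reading the nonvolatile memory directly, bypassing the TRM."""
        return bytes(self.flash)
```

`flash_image()` returns what is observable by reading the nonvolatile memory without going through the TRM: the low-level contents appear in it, the medium-level contents appear only as ciphertext, and the high-level contents do not appear at all, which is the property the three-level placement is meant to give.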